IT Regulatory Compliance and Remediation Services

PCI DSS 2.0  |  FFIEC  |  GLBA  |  CPNI

 

Regulatory Compliance once described the policies and procedures financial firms were required to have in place to ensure that they follow the many laws, rules, and regulations put in place by the governing bodies which control their activities. Today that narrow definition is no longer accurate. The technology infrastructure of many businesses and non-profit organizations has become increasingly subject to industry-specific privacy and security regulations, leaving many IT departments inundated with a diverse list of never-ending standards, regulations, initiatives, projects, and best practices to roll out and keep in place. As important as the tasks related to these challenges are, they have one thing in common: they can overburden your internal IT staff and distract them from their main objective of supporting and advancing your company's technology.

 

Lanyard Technical Services can help your organization stay focused on its business objectives by providing expert assistance and remediation in the following areas:

 

Payment Card Industry Data Security Standard (PCI DSS 2.0)

             Lanyard Technical Services provides consulting services to assist merchant businesses in correctly classifying, choosing and
             completing a Self-Assessment Questionnaire (SAQ). Lanyard can assist Level 2, 3, and 4 merchants in achieving compliance by
             performing an internal risk assessment (a gap analysis study) that will identify control weaknesses in a merchant's PCI
             environment.

             Additionally, Lanyard provides cost-effective PCI remediation services to correct compliance issues
             uncovered during an annual PCI security audit or quarterly scan. Level 3 and 4 merchants may also find that allowing
             Lanyard Technical Services to bring ad-hoc management or annual oversight to their ongoing PCI DSS program is the
             "just right" approach for them.

 

Federal Financial Institutions Examination Council Compliance (FFIEC)

 

              The Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal
              examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance
              Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and
              the Office of Thrift Supervision (OTS).

 

              Using the FFIEC Information Security Handbook as a guide, Lanyard Technical Services can aid your financial institution in
              achieving and maintaining compliance through the integration of technology, staff, processes, training and best practices.
              Lanyard also assists financial institutions in developing cost-effective intrusion detection, prevention, and response programs which
              satisfy FFIEC compliance requirements.

 

Gramm-Leach-Bliley Act, Part 748 (GLBA)

 

              Lanyard Technical Services is especially well acquainted with the NCUA audit process and 12 CFR part 748 and can place your
              institution well ahead of the compliance curve. Lanyard can assist your Board, executive staff, or IT staff to develop and manage
              an NCUA/GLBA-compliant security program, provide analysis of your institution's current compliance gaps, and create a
              remediation roadmap to correct any outstanding issues. We also provide expert guidance on resolving technical or data
              security issues outside the GLBA compliance scope.

 

Customer Proprietary Network Information (CPNI)

              The U.S. Telecommunications Act of 1996 granted the Federal Communications Commission (FCC) authority to regulate how
              Customer Proprietary Network Information (CPNI) could be used and to enforce related consumer information privacy provisions.

              Customer Proprietary Network Information comprises the data collected and stored by telecommunication carrier companies
              regarding a consumer's telephone calls and services. This data may include the time, date, duration and destination number of
              each call, the type of network a consumer subscribes to, configuration settings and any other information that may appear on a
              consumer's telephone bill.

              The FCC began picking up the pace in 2008 in regard to enforcement of its CPNI Order, 47 U.S.C. § 222. If your company
              needs technology or technical assistance in this area, Lanyard Technical Services is experienced and can help.

Call or email Lanyard Technical Services to schedule a confidential 60-minute consultation regarding any of these regulations.  An initial consultation carries no cost, obligation, or risk.

 

 

© Copyright Lanyard Technical Services L.L.C.  |  All Rights Reserved.  |  Site Hosted by Omnis Networks, L.L.C.